Update on data security investigation at Texthelp

At 11:14 am GMT on Sunday 11th February 2018, a JavaScript file which is part of our Browsealoud product was compromised during a cyber attack. The attacker added malicious code to the file to use the browser CPU in an attempt to illegally generate cryptocurrency. This was a criminal act and an investigation is underway. Original statement from Martin McKay, CTO, Texthelp.

We are confident that no customer data was accessed or lost as a result and we would like to take this opportunity to apologise sincerely to all of our customers for any inconvenience caused due to downtime during this opportunistic cyber attack. As a precautionary measure, our Browsealoud service was taken offline for four days so that we could conduct an internal security review as well as undertake additional engineering work to put extra security measures in place.

We have had a threat detection system running on the Browsealoud service for several years so the intrusion and file change was detected. Our threat response process relied on key staff at Texthelp receiving a notification and acting on the information quickly. Although the threat was mitigated within four hours, we regard this as being unacceptably long and have redesigned the process.

Here’s what we have done to date :

An internal security review has been completed on all AWS resources. Subsequently a number of improvements have been made.

A 3rd party company, BSI, performed a penetration test to provide independent validation of the security status of Browsealoud.

An improved threat detection script has been deployed with an automated take down facility if the Browsealoud script has been tampered with.

An additional layer of security requiring a second factor authentication has been implemented to prevent any script changes being published without two Texthelp staff members separately approving the update.